Does anyone know what exactly Huawei are providing under the UFB, so far all I've heard about is ducting, and to think that that's any kind of security concern is ridiculous because it's plastic, what're they going to do, hack into the plastic ducting from their computers in Beijing? I don't think so.

The access network will use leading edge access technologies including Gigabit Passive Optical Network (GPON) across Huawei SmartAx MA5600T Optical Line Termination and Gigabit Point to Point Ethernet using Huawei Quidway S9300 Terabit routing Metro Ethernet platforms at central offices.

Ultrafast Broadband Ltd’s access network will be aggregated by CX600 400G Enhanced Metro Ethernet switching system and managed end to end with Huawei unified Network Management System. end quote

Lifted from a press release on the WEL Networks site. WEL Networks is the private partner in Ultrafast Fibre Ltd. Ultrafast Fibre Ltd is the local fibre company with the contract to build six towns & cities in the North Island.

http://www.wel.co.nz/news.asp?pageID=2145841546&RefID=2141741150

quote : Christchurch UFB winner Enable Networks (owned by the council) said this morning it had chosen the company [Huawei] to provide fibre, ducting and layer 2 electronics. end quote

So, it appears to be public knowledge that Huawei is providing most if not all of the layer 2 network infrastructure for both Ultrafast Fibre Ltd and Enable Networks, comprising nearly 30% of the UFB rollout.

I am familiar with some of the rigorous testing and certification required of Huawei as part of one of these contracts, but as this was gained during my employment at an LFC I cannot share that in a public forum.

Judging by this press release courtesy of Huawei themselves, it appears that they are responsible for a reasonable portion of the 2 degrees network.

http://www.huawei.co.nz/nz/assets/downloads/2degrees%20case%20study.pdf

And it seems they are doing business with Vodafone as well:

quote : In 2007, it [Huawei] won the tender for Vodafone’s fixed line broadband network end quote

http://computerworld.co.nz/news.nsf/news/huawei-execs-fly-in-from-from-china-to-check-out-nz-opportunities

So now that we have the facts on the table, let's lurch into some opinion.

.....

My opinions (TWEIE) are mine, not my employers. Any statements of fact are drawn from public sources.

Apparently Huawei use is ok in countries like the UK and Canada, and many others. In the States they're fighting imports from China and wanting to keep/increase jobs, and of course they've no legal input or control over the Huawei firmware. Australia is their best friend, when it comes to security issues.

Who's to say if you bought this kit off another supplier it wouldn't be any less of a security risk?

We're really just arguing over who might be spying on the UFB rollout, the eh-hem 'good-guys' or the 'bad-guys'.

If Huawei was acting as the operator of any of the networks listed in my earlier post (as opposed to just an equipment vendor), then they would likely have access to the management of the layer 2 equipment. From here they could possibly mirror data to another port or collect it in some other fashion (remember there is usually a requirement for most telco networks in NZ to have this capability in order to honour their lawful intercept obligations). Once the data has been mirrored, siphoned or collected it can then be shipped "back home" for further analysis.

To be quite clear, I am describing a hypothetical example of what might happen. I am not for a moment suggesting that I have any evidence, suspicion or even a clue that this activity is occurring on any network in NZ.

I have operated layer 2 networks previously where if I chose to I could have easily siphoned off customer data. And I could have done so with no requirement for co-operation from the equipment vendor. But to be quite honest, I've got better things to do with my time.

Getting back to the thread, if Huawei was strictly an equipment vendor and not involved in network operation then it would be significantly more difficult for data collection to occur. This would likely require covert action during the design and manufacture process, obviously much more difficult to accomplish than a dishonest network operator collecting data.

To summarise, if you're considering risks to your data, then I would consider the network operator to be the greater vulnerability than the network equipment vendor. And if you really do have secrets you want kept secret, you're encrypting it anyway, aren't you?

My opinions (TWEIE) are mine, not my employers. Any statements of fact are drawn from public sources.